<?
//i : id
//c : code : filename

defined('BASE_PATH') || define('BASE_PATH', realpath(dirname(__FILE__)));
include_once ("config/config.php");
include_once ("config/common.php");
$arrCode = explode('-',$_REQUEST["c"]);
if (isset($_REQUEST["i"]) && intval($_REQUEST["i"])>0 && isset($_REQUEST["c"]) && intval($arrCode[0])>0 && intval($arrCode[1])>0) {
    $sqlCheck = "SELECT * FROM support_attach WHERE id=".intval($_REQUEST["i"])." AND filename LIKE '/support/%".filter($_REQUEST["c"])."____'";
    $rs = $db->query_first($sqlCheck);
    if($rs) {
        //$db->query("UPDATE article_attach SET download_count=download_count+1 WHERE id=".intval($_REQUEST["i"]));
        $file=$config ['upload_dir'].$rs['filename'];
        header("Content-type: application/force-download");
        header("Content-Transfer-Encoding: Binary");
        header("Content-length: ".filesize($file));
        header("Content-disposition: attachment; filename=\"".'bantinnhadat.vn-'.basename($rs['real_filename'])."\"");
        readfile("$file");
        die;
    }
}else{
    echo "Your IP is loged. Dont hack, please!";
}
 ?>